ayan.poddar
/
eShopOnContainers
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 19 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3946 Commits
36 Branches
655 MiB
Tree: 55638ff993
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '55638ff993'
${ noResults }
eShopOnContainers/deploy/k8s/helm/ingresscertmanager.sh

91 lines
4.1 KiB
Raw Normal View History

local update
3 years ago
 
  1. REGISTRY_NAME=heigoo
  2. CONTROLLER_REGISTRY=k8s.gcr.io
  3. CONTROLLER_IMAGE=ingress-nginx/controller
  4. CONTROLLER_TAG=v0.48.1
  5. PATCH_REGISTRY=docker.io
  6. PATCH_IMAGE=jettech/kube-webhook-certgen
  7. PATCH_TAG=v1.5.1
  8. DEFAULTBACKEND_REGISTRY=k8s.gcr.io
  9. DEFAULTBACKEND_IMAGE=defaultbackend-amd64
  10. DEFAULTBACKEND_TAG=1.5
  11. CERT_MANAGER_REGISTRY=quay.io
  12. CERT_MANAGER_TAG=v1.3.1
  13. CERT_MANAGER_IMAGE_CONTROLLER=jetstack/cert-manager-controller
  14. CERT_MANAGER_IMAGE_WEBHOOK=jetstack/cert-manager-webhook
  15. CERT_MANAGER_IMAGE_CAINJECTOR=jetstack/cert-manager-cainjector
  16. 

  17. az acr import --name $REGISTRY_NAME --source $CONTROLLER_REGISTRY/$CONTROLLER_IMAGE:$CONTROLLER_TAG --image $CONTROLLER_IMAGE:$CONTROLLER_TAG
  18. az acr import --name $REGISTRY_NAME --source $PATCH_REGISTRY/$PATCH_IMAGE:$PATCH_TAG --image $PATCH_IMAGE:$PATCH_TAG
  19. az acr import --name $REGISTRY_NAME --source $DEFAULTBACKEND_REGISTRY/$DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG --image $DEFAULTBACKEND_IMAGE:$DEFAULTBACKEND_TAG
  20. az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CONTROLLER:$CERT_MANAGER_TAG
  21. az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_WEBHOOK:$CERT_MANAGER_TAG
  22. az acr import --name $REGISTRY_NAME --source $CERT_MANAGER_REGISTRY/$CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG --image $CERT_MANAGER_IMAGE_CAINJECTOR:$CERT_MANAGER_TAG
  23. 

  24. 

  25. --------
  26. # Create a namespace for your ingress resources
  27. kubectl create namespace ingress-basic
  28. 

  29. # Add the ingress-nginx repository
  30. helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
  31. 

  32. # Set variable for ACR location to use for pulling images
  33. ACR_URL=heigoo.azurecr.io
  34. 

  35. # Use Helm to deploy an NGINX ingress controller
  36. helm install nginx-ingress ingress-nginx/ingress-nginx \

  37.     --namespace ingress-basic \

  38.     --set controller.replicaCount=2 \

  39.     --set controller.nodeSelector."kubernetes\.io/os"=linux \

  40.     --set controller.image.registry=$ACR_URL \

  41.     --set controller.image.image=$CONTROLLER_IMAGE \

  42.     --set controller.image.tag=$CONTROLLER_TAG \

  43.     --set controller.image.digest="" \

  44.     --set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux \

  45.     --set controller.admissionWebhooks.patch.image.registry=$ACR_URL \

  46.     --set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE \

  47.     --set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG \

  48.     --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux \

  49.     --set defaultBackend.image.registry=$ACR_URL \

  50.     --set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE \

  51.     --set defaultBackend.image.tag=$DEFAULTBACKEND_TAG
  52. 

  53.     # -----
  54.     kubectl --namespace ingress-basic get services -o wide
  55. 

  56.   #  ---- add a A reacord(and eshop.* subdomain cname) in Azure or DNS register(eg. GoDaddy) with load balancer ip
  57.     az network dns record-set a add-record \

  58.     --resource-group myResourceGroup \

  59.     --zone-name MY_CUSTOM_DOMAIN \

  60.     --record-set-name "*" \

  61.     --ipv4-address MY_EXTERNAL_IP
  62. 

  63.     # ----
  64.     # install cert manager
  65.     # ------
  66.     # Label the ingress-basic namespace to disable resource validation
  67. kubectl label namespace ingress-basic cert-manager.io/disable-validation=true
  68. 

  69. # Add the Jetstack Helm repository
  70. helm repo add jetstack https://charts.jetstack.io
  71. 

  72. # Update your local Helm chart repository cache
  73. helm repo update
  74. 

  75. # Install the cert-manager Helm chart
  76. helm install cert-manager jetstack/cert-manager \

  77.   --namespace ingress-basic \

  78.   --version $CERT_MANAGER_TAG \

  79.   --set installCRDs=true \

  80.   --set nodeSelector."kubernetes\.io/os"=linux \

  81.   --set image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CONTROLLER \

  82.   --set image.tag=$CERT_MANAGER_TAG \

  83.   --set webhook.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_WEBHOOK \

  84.   --set webhook.image.tag=$CERT_MANAGER_TAG \

  85.   --set cainjector.image.repository=$ACR_URL/$CERT_MANAGER_IMAGE_CAINJECTOR \

  86.   --set cainjector.image.tag=$CERT_MANAGER_TAG
  87. 

  88.   # ----
  89.   # create ca issuer
  90.   # run demo   https://docs.microsoft.com/en-us/azure/aks/ingress-tls
  91.   # https://docs.microsoft.com/en-us/azure/aks/static-ip
  92.